Skip to main content
SpringerLink
Log in

SFIM: Identify user behavior based on stable features

  • Published:
Peer-to-Peer Networking and Applications Aims and scope Submit manuscript

Abstract

The development of smartphones and social networks has brought great convenience to our lives. Due to the increasing requirements of user privacy, user data are protected by encryption protocol. Nevertheless, the encrypted traffic may still be identificated by a third party. In order to improve the privacy protection of users, it is necessary to study the existing encrypted user behavior system. The existing user behavior identification adopts the statistical features of encrypted traffic, which fluctuates greatly in different transmission environments. In this paper, we propose a Stable Features Identification Method(SFIM), which concentrate on filtering out the stable features from the encrypted traffic to identify user behavior. Based on the principle of maximum entropy, we put forward an approach to divide the distribution ranges of these stable features, and map the feature space into vector space. Our research focuses on multiple user behavior in the Instagram application. The best evaluation results achieve 99.8% accuracy, 99.3% precision, 99.3% recall, and 0.09% false positive rate(FPR) on average.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10

Similar content being viewed by others

References

  1. Shen M, Liu Y, Zhu L, Xu K, Du X, Guizani N (2020) Optimizing feature selection for efficient encrypted traffic classification: A systematic approach. IEEE Netw 34(4):20–27

    Article  Google Scholar 

  2. Moore AW, Zuev D (2005) Internet traffic classification using bayesian analysis techniques. In: Proceedings of the 2005 ACM SIGMETRICS international conference on measurement and modeling of computer systems, pp 50–60

  3. Anderson B, McGrew D (2017) Machine learning for encrypted malware traffic classification: Accounting for noisy labels and non-stationarity. In: Proceedings of the 23rd ACM SIGKDD international conference on knowledge discovery and data mining, pp 1723–1732

  4. Wang Q, Yahyavi A, Kemme B, He W (2015) I know what you did on your smartphone: Inferring app usage over encrypted data traffi. In: 2015 IEEE Conference on communications and network security (CNS). IEEE, pp 433–441

  5. Muehlstein J, Zion Y, Bahumi M, Kirshenboim I, Dubin R, Dvir A, Pele O (2017) Analyzing https encrypted traffic to identify user’s operating system, browser and application. In: 2017 14th IEEE annual consumer communications & networking conference (CCNC), IEEE, pp 1–6

  6. Qin T, Wang L, Liu Z, Guan X (2015) Robust application identification methods for p2p and voip traffic classification in backbone networks. Knowl Based Syst 82:152–162

    Article  Google Scholar 

  7. Wang X, Chen S, Su J (2020) Automatic mobile app identification from encrypted traffic with hybrid neural networks. IEEE Access 8:182065–182077

    Article  Google Scholar 

  8. Tiep M, Deepak A, Alessandra S (2015) Profiling user activities with minimal traffic traces. In: International conference on web engineering, Springer, pp 116–133

  9. Saltaformaggio B, Choi H, Johnson K, Kwon Y, Zhang Q, Zhang X, Xu D, Qian J (2016) Eavesdropping on fine-grained user activities within smartphone apps over encrypted network traffic. In: 10th {USENIX} workshop on offensive technologies ({WOOT} 16)

  10. Alan HF, Kaur J (2016) Can android applications be identified using only tcp/ip headers of their launch time traffic?. In: Proceedings of the 9th ACM conference on security & privacy in wireless and mobile networks, ACM, pp 61–66

  11. Chen L, Gao S, Liu B, Zhigang L, Zhengwei J (2020) Ths-idpc: A three-stage hierarchical sampling method based on improved density peaks clustering algorithm for encrypted malicious traffic detection. Supercomput 76(9):7489–7518

    Article  Google Scholar 

  12. Miserendino SB, Klein RH, Peters RV, Kaloroumakis PE (2017) System and method for in-situ classifier retraining for malware identification and model heterogeneity, February 2 2017. US Patent App. 15/176,784

  13. Wei L, Rammidi G, Ghorbani AA (2011) Clustering botnet communication traffic based on n-gram feature selection. Comput Commun 34(3):502–514

    Article  Google Scholar 

  14. Chen S, Wang R, Wang XF, Zhang K (2010) Side-channel leaks in web applications: A reality today, a challenge tomorrow. In: 2010 IEEE symposium on security and privacy, IEEE, pp 191–206

  15. Fielding RT, Taylor RN (2000) Architectural styles and the design of network-based software architectures, 7 University of California, Irvine Doctoral dissertation

  16. Wu H, Wu Q, Cheng G, Guo S (2020) Instagram user behavior identification based on multidimensional features. In: IEEE INFOCOM 2020 - IEEE conference on computer communications workshops (INFOCOM WKSHPS), pp 1111–1116

  17. Yoon S-H, Park J-W, Park J-S, Oh Y-S, Kim M-S (2009) Internet application traffic classification using fixed ip-port. In: Asia-pacific network operations and management symposium, Springer, pp 21–30

  18. Dharmapurikar S, Krishnamurthy P, Sproull T, Lockwood J (2003) Deep packet inspection using parallel bloom filters. In: 11th Symposium on high performance interconnects, 2003. Proceedings, IEEE, pp 44–51

  19. Najam M, Younis U, Rasool R (2015) Speculative parallel pattern matching using stride-k dfa for deep packet inspection. J Netw Comput Appl 54:78–87

    Article  Google Scholar 

  20. Alshammari R, Zincir-Heywood AN (2009) Machine learning based encrypted traffic classification: Identifying ssh and skype. In: 2009 IEEE symposium on computational intelligence for security and defense applications, IEEE, pp 1–8

  21. Chang L, Longtao H, Gang X, Zigang C, Zhen L (2019) Fs-net: A flow sequence network for encrypted traffic classification. In: IEEE INFOCOM 2019-IEEE conference on computer communications, IEEE, pp 1171–1179

  22. Pradhan A, Behera S, Dash R (2018) Hybrid rbfn based encrypted ssh traffic classification. In: 2018 5th International conference on signal processing and integrated networks (SPIN), IEEE, pp 264–269

  23. Wang W, Zhu M, Wang J, Zeng X, Yang Z (2017) End-to-end encrypted traffic classification with one-dimensional convolution neural networks. In: 2017 IEEE International conference on intelligence and security informatics (ISI), IEEE, pp 43–48

  24. Shen M, Wei M, Zhu L, Wang M (2017) Classification of encrypted traffic with second-order markov chains and application attribute bigrams. IEEE Trans Inf Forens Sec 12(8):1830–1843

    Article  Google Scholar 

  25. Yanjie F, Xiong H, Xinjiang L, Yang J, Chen C (2016) Service usage classification with encrypted internet traffic in mobile messaging apps. IEEE Trans Mob Comput 15(11):2851–2864

    Article  Google Scholar 

  26. Michie D, Spiegelhalter DJ, Taylor CC, et al. (1994) Machine learning. Neural and Statistical Classification 13(1994):1–298

    MATH  Google Scholar 

  27. Liu C, Cao Z, Li Z, Xiong G (2018) Lafft: Length-aware fft based fingerprinting for encrypted network traffic classification. In: 2018 IEEE Symposium on computers and communications (ISCC) IEEE, pp 1–6

  28. Lingjing K, Guowei H, Keke W (2017) Identification of abnormal network traffic using support vector machine. In: 2017 18th International conference on parallel and distributed computing, applications and technologies (PDCAT), IEEE, pp 288–292

  29. Yu B, Song X, Guan F, Yang Z, Yao B (2016) k-nearest neighbor model for multiple-time-step prediction of short-term traffic condition. J Transp Eng 142(6):04016018

    Article  Google Scholar 

  30. Bo T, Kay S, He H (2016) Toward optimal feature selection in naive bayes for text categorization. IEEE Trans Knowl Data Eng 28(9):2508–2521

    Article  Google Scholar 

  31. Yan F, Xu M, Qiao T, Wu T, Yang X, Zheng N, Choo K-KR (2018) Identifying wechat red packets and fund transfers via analyzing encrypted network traffic. In: 2018 17th IEEE international conference on trust, security and privacy in computing and communications/12th IEEE international conference on big data science and engineering (TrustCom/BigDataSE), IEEE, pp 1426–1432

  32. He G, Bingfeng X, Haiting Z (2017) Identifying mobile applications for encrypted network traffic. In: Fifth international conference on advanced cloud and big data (CBD), IEEE, pp 279–284, p 2017

  33. Conti M, Mancini LV, Spolaor R, Verde NV (2016) Analyzing android encrypted network traffic to identify user actions. IEEE Trans Inf Foren Sec 11(1):114–125

    Article  Google Scholar 

  34. Ata S, Iemura Y, Nakamura N, Oka I (2017) Identification of user behavior from flow statistics. In: 2017 19th asia-pacific network operations and management symposium (APNOMS), pp 42–47

  35. Li D, Li W, Wang X, Nguyen C, Lu S (2019) Activetracker: Uncovering the trajectory of app activities over encrypted internet traffic streams. In: 2019 16th Annual IEEE international conference on sensing, communication, and networking (SECON), pp 1–9

  36. Grolman E, Finkelshtein A, Puzis R, Shabtai A, Celniker G, Katzir Z, Rosenfeld L (2018) Transfer learning for user action identication in mobile apps via encrypted trafc analysis. IEEE Intell Syst 33(2):40–53

    Article  Google Scholar 

  37. Fu Y, Xiong H, Lu X, Yang J, Chen C (2016) Service usage classification with encrypted internet traffic in mobile messaging apps. IEEE Trans Mob Comput 15(11):2851–2864

    Article  Google Scholar 

  38. Liu J, Yanjie F, Ming J, Ren Y, Sun L, Xiong H (2017) Effective and real-time in-app activity analysis in encrypted internet traffic streams. In: Proceedings of the 23rd ACM SIGKDD international conference on knowledge discovery and data mining, pp 335– 344

  39. Quan W, Cheng N, Qin M, Zhang H, Chan HA, Shen X (2019) Adaptive transmission control for software defined vehicular networks. IEEE Wireless Commun Lett 8(3):653–656

    Article  Google Scholar 

  40. Quan W, Liu Y, Zhang H, Yu S (2017) Enhancing crowd collaborations for software defined vehicular networks. IEEE Commun Mag 55(8):80–86

    Article  Google Scholar 

  41. Liu Y, Feng T, Peng M, Guan J, Wang Y (2020) Dream: Online control mechanisms for data aggregation error minimization in privacy-preserving crowdsensing. In: IEEE Transactions on dependable and secure computing. pp 1–1

  42. Liu Y, Wang H, Peng M, Guan J, Wang Y (2020) An incentive mechanism for privacy-preserving crowdsensing via deep reinforcement learning. IEEE Int Things J 8(10):8616–8631

    Article  Google Scholar 

  43. Pautasso C (2014) Restful web services: Principles, patterns, emerging technologies. In: Web services foundations, Springer, pp 31–51

  44. Hou C, Shi J, Kang C, Cao Z, Gang X (2018) Classifying user activities in the encrypted wechat traffic. In: 2018 IEEE 37th International performance computing and communications conference (IPCCC), pp 1–8

Download references

Acknowledgments

The research work leading to this paper is supported by the National Key Research and Development Program of China under Grant No. (2020YFB1807503, 2020YFB1807500), and Key Laboratory of Computer Network and Information Integration of Ministry of Education (Southeast University).

Author information

Authors and Affiliations

  1. School of Cyber Science and Engineering, Southeast University, Nanjing, 211189, China

    Hua Wu, Qiuyan Wu, Guang Cheng, Shuyi Guo & Xiaoyan Hu

  2. Key Laboratory of Computer Network and Information Integration of Ministry of Education of China, Southeast University, Nanjing, 211189, China

    Hua Wu, Qiuyan Wu, Guang Cheng, Shuyi Guo & Xiaoyan Hu

  3. Purple Mountain Laboratories for Network and Communication Security, Nanjing, 211111, China

    Hua Wu

  4. HUAWEI TECHNOLOGIES CO., LTD., Beijing, 100095, China

    Shen Yan

Authors
  1. Hua Wu
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Qiuyan Wu
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Guang Cheng
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Shuyi Guo
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Xiaoyan Hu
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Shen Yan
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Hua Wu.

Additional information

Publisher’s note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Wu, H., Wu, Q., Cheng, G. et al. SFIM: Identify user behavior based on stable features. Peer-to-Peer Netw. Appl. 14, 3674–3687 (2021). https://doi.org/10.1007/s12083-021-01214-2

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s12083-021-01214-2

Keywords

Search

Navigation